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Abstract 

In the framework of logic labelled transition system, a variant of weak 
ready simulation has been presented by Liittgen and Vogler. It has been 
shown that such behavioural preorder is the largest precongruence w.r.t 
parallel and conjunction composition satisfying desired properties. This 
paper offers a ground-complete axiomatization for this precongruence over 
processes containing no recursion in the calculus CLL_r. Compared with 
usual inference system for process calculus, in addition to axioms about 
process operators, such system contains a number of axioms to character¬ 
ize the interaction between process operators and logical operators. 

Keywords: process calculus, weak ready simulation, logic labelled 
transition system, axiomatization, CLLh 


1 Introduction 

It is well-known that process algebra and temporal logic take different stand¬ 
point for looking at specifications and verifications of reactive and concurrent 
systems, and offer complementary advantages m- To take advantage of these 
two paradigms when designing systems, a few theories for heterogeneous spec¬ 
ifications have been proposed, e.g., O [HJ [TOj [T2j [T5j [T6j [TTJ [20]. Among them, 
Liittgen and Vogler propose the notion of logic labelled transition system (Logic 
LTS or LLTS for short), which combines operational and logical styles of spec¬ 
ification in one unified framework [uminj. In particular, a variant of weak 
ready simulation has been presented in m, which is adopted to capture re¬ 
finement relation between processes in the presence of logical operators. It has 
been shown that such simulation is the largest precongruence w.r.t parallel and 
conjunction satisfying desired properties m- Moreover, in addition to usual 
process operators (e.g., CSP-style parallel composition, hiding, etc) and logic 
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operators (disjunction and conjunction), some standard temporal logic opera¬ 
tors, such as “always”and “unless”, are also integrated into this framework m- 
In a word, Liittgen and Vogler offer a framework which allows ones to freely 
mix operational and logic operators when designing systems. 

Liittgen and Vogler’s approach is entirely semantic, and doesn’t provide any 
kind of syntactic calculus. Recently, the first three authors of this paper explore 
recursive operations over LLTS in a pure process-algebraic style. A LLTS- 
oriented process calculus CLL/{ is presented, and the uniqueness of solutions of 
equations in CLL/j is established under a certain circumstance Ba¬ 
it is one of important topics in concurrency theory that giving axiomatiza- 
tion for behaviour relations. For example, Milner gives an axiomatization for 
observational congruence in CCS m-, Baeten and Bravetti extend Milner’s this 
work and provide an axiomatization over TCP- 1 -RFC/ [2], where TCP- 1 -RFC/ 
is a fragment of TCP- 1 -RFC which is a generic process language that embodies 
features of the classical process algebras CCS, CSP and ACP; Lin offers com¬ 
plete inference systems for late and early weak bisimulation equivalences for 
processes without involving recursion in 7r-calculus El; Aceto et al. explore 
the axiomatization of weak simulation semantics systematically over BCCSP 
(without recursion) [T]. Although Liittgen and Vogler’s original paper m men¬ 
tions some sound laws, a complete set of axioms seems out of reach. As the 
main contribution of this paper we intend to provide a proof system for Liittgen 
and Vogler’s weak ready simulation over CLL/j-processes with finite behaviour, 
and demonstrate its soundness and ground-completeness. 

The rest of this paper is organized as follows. The notion of Logic LTS and 
the calculus CLLr are recalled in the next section. The inference system is 
presented in Section 3, along with the soundness proof. Section 4 demonstrates 
that the inference system is ground-complete for processes with finite behaviour. 
The paper is concluded with Section 5, where a brief discussion is given. 


2 Preliminaries 

The purpose of this section is to fix our notation and terminology, and to intro¬ 
duce some concepts that underlie our work in all other parts of the paper. 

2.1 Logic LTS and ready simulation 

Let Act be the set of visible action names ranged over by a, b, etc., and let Actr 
denote ActU{r} ranged over by a and /3, where r represents invisible actions. A 
labelled transition system with predicate is a quadruple {P,Actr,^,F), where 
P is a set of states, —^-C P x Actr x P is the transition relation and F C P. 

As usual, we write p (or, p ^) if 3q G P.p q {$q G P.p q, resp.). 
The ready set {a G Actr\p -^} of a given state p is denoted by I{p). A state p 
is stable if p A number of useful decorated transition relations are given: 
p—>-F9iffp—and p,q ^ F; 

p q iS p{^)*q, where (—>•)* is the transitive and reflexive closure of —>•; 
p ^ g iff dr, s G P.p r —>■ s ^ g; 
p \q iS p ^ q ^ with 7 G AcF U {e}; 

p 9 iff there exists a sequence of r-transitions from p to q such that 
all states along this sequence, including p and q, are not in P; the decorated 
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transition p q may be defined similarly; 
p |g iff p ^F q 7 ^ with 7 G Actr U {e}. 

Notice that the notation p in [121 HZ] has the same meaning as p I? 
in this paper, while p ^ |g in this paper does not involve any requirement on 
F-predicate. 

Definition 2.1 (Logic LTS [H]). An LTS {P,Actr,^,F) is an LLTS if, for 
each p £ P, 

(LTSl) p £ F ii3a € I{p)'iq £ P{p A q implies q £ F); 

(LTS2) p£Fif$q£ P.p ^F |g. 

Moreover, an LTS (F, Actr,^, F) is r-pure if, for each p £ P, p ^ implies 
£ Act. p A. 

Compared with usual LTSs, one distinguishing feature of LLTS is that it 
involves consideration of inconsistencies. The main motivation behind such 
consideration lies in dealing with inconsistencies caused by conjunctive compo¬ 
sition. In the notion above, the predicate F is used to denote the set of all 
inconsistent states that represent empty behaviour that cannot be implemented 
m In the sequel, we shall use the phrase ‘‘‘'inconsistency predicate^' to refer to 
F. The condition (LTSl) formalizes the backward propagation of inconsisten¬ 
cies, and (LTS2) captures the intuition that divergence (i.e., infinite sequences 
of T-transitions) should be viewed as catastrophic. For more intuitive ideas and 
motivation about inconsistency, the reader may refer [IS] US]. 

The notion of ready simulation below is adopted to capture the refinement 
relation in [MIIZ], which is a variant of the usual notion of weak ready sim¬ 
ulation 13113]. It has been proven that such kind of ready simulation is the 
largest precongruence w.r.t parallel composition and conjunction which satisfies 
the desired property that an inconsistent specification can only be refined by 
inconsistent ones (see Theorem 21 in m)- 

Definition 2.2 (Ready simulation on LLTS [IS])- Let {P,Actr,^,F) be a 
LLTS. A relation TZ C P x P is a stable ready simulation relation, if for any 
(p, q) £71 and a £ Act 
(RSI) both p and q are stable; 

(RS2) p i F implies q ^ F; 

(RS3) p Af \p' implies 3q'.q Af \q' and (p',q') £ F; 

(RS4) p ^ F implies I(p) = F(q). 

We say that p is stable ready simulated by q, in symbols p IZ g, if there exists a 

stable ready simulation relation TZ with (p, q) £ TZ. Further, p is ready simulated 

by q, written p Q, if Vp'(p Af \p' implies 3q'{q Af \q' and p' C q')). 

~RS 

The kernels of IZ and Efs are denoted by and =rs resp.. It is easy to 
~RS 

see that IZ itself is a stable ready simulation relation and both Z and 
~RS ~RS 

are pre-order. 

2.2 The calculus CLLr and its operational semantics 

This subsection introduces the LLTS-oriented process calculus CLLf presented 
in [^. Let Var be an infinite set of variables. The terms of CLLf can be given 
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by the following BNF grammar 

t ::= 0 I _L I {a.t) \ (tat) \ (t At) \ (tW t) \ (t |U t) \ X \ {Z\E) 

where X G Var, a G Actr, A C Act and recursive specification E = E(V) with 
V C Var is a set of equations {X = t\X G V} and Z is a. variable in V that 
acts as the initial variable. 

Most of these operators are from CCS [18] and CSP 0 is the process 
capable of doing no action; a.t is action prefixing; □ is non-deterministic external 
choice; ||a is a CSP-style parallel composition. _L represents an inconsistent 
process with empty behavior. V and A are logical operators, which are intended 
for describing logical combinations of processes. 

For any term {Z\E) with E = E(V), each variable in V is bound with scope 
E. This induces the notion of free occurrence of variable, bound (and free) 
variables and a-equivalence as usual. A term t is a process if it is closed, that 
is, it contains no free variable. The set of all processes is denoted by T{T,cLLjt )- 
Unless noted otherwise we use p, q, r to represent processes. Throughout this 
paper, as usual, we assume that recursive variables are distinct from each other 
and no recursive variable has free occurrence; moreover we don’t distinguish 
between a-equivalent terms and use = for both syntactical identical and a- 
equivalence. In the sequel, we often denote (A|{A = tx}) briefly by {X\X = 
tx)- 

For any recursive specification E{V) and term t, the term {t\E) is obtained 
from t by simultaneously replacing all free occurrences of each A(g V)hy {X\E) , 
that is, (t\E) = t{(X\E)/X : X € V}. For example, consider t = Xaa.(Y\Y = 
A BY) and A({A}) = {X = tx} then {t\E) = {X\X = tx)aa.{Y\Y = {X\X = 
tx)aY). In particular, for any E{V) and t = X, {t\E) = {X\E) whenever 
A G U and {t\E) = A if A ^ U. 

An occurrence of A in t is strongly (or, weakly) guarded if such occurrence is 
within some subexpression a.ti with a G Act (r.ti or ti V t 2 resp.). A variable A 
is strongly (or, weakly) guarded in t if each occurrence of A is strongly (weakly 
resp.) guarded. A recursive specification E(V) is guarded if for each A G U and 
Z = tz & E{V), each occurrence of A in tz is (weakly or strongly) guarded. As 
usual, we assume that all recursive specifications considered in the remainder of 
this paper are guarded. 

SOS rules of CVLr are listed in Table [U where a G Act, a G Actr and 
A C Act. All rules are divided into two parts: 

Operational rules specify behaviours of processes. Negative premises in Rules 
i? 02 , i? 03 , Rais and i?ai 4 give r-transition precedence over visible transitions, 
which guarantees that the transition model of CVLr is r-pure. Rules Rag and 
Roio illustrate that the operational aspect of ti V tg is same as internal choice 
in usual process calculus. Rule Rag reflects that conjunction operator is a 
synchronous product for visible transitions. The operational rules of the other 
operators are as usual. 

Predicate rules specify the inconsistency predicate E. Rule Rpi says that 
T is inconsistent. Hence T cannot be implemented. While 0 is consistent and 
implementable. Thus 0 and T represent different processes. Rule Rps reflects 
that if both two disjunctive parts are inconsistent then so is the disjunction. 
Rules Rp 4 — Rpg describe the system design strategy that if one part is incon¬ 
sistent, then so is the whole composition. Rules Rpw and Rpn reveal that 
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a stable conjunction is inconsistent whenever its conjuncts have distinct ready 
sets. Rules Rpiz and Rpi^ are used to capture (LTS2) in Def. 12.11 Intuitively, 
these two rules say that if all stable r-descendants of z are inconsistent, then z 
itself is inconsistent. 


Operational rules 


Rai 

Ra4 

Raj 


a.xi A xi 
xi A yi 

XiOx2 A 2/1 0X2 
xi A 2/1 

xi A X2 A 2/1 A X2 


Ra2 


Ras 


Ras 


Xi A 2/1,X2 7^ 

xiUx2 A 2/1 
X2 A 2/2 

XiOx2 A XiOy2 

X2 A 2/2 

xi A X2 A xi A 2/2 


Roa 

RaQ 


Xi 74,X2 a 2/2 

XinX2 A 2/2 
Xi A 2/1, X2 A 2/2 

Xi A X 2 A 2/1 A 2/2 


Rag- 



Raio 

Xl V X2 —>• Xl 



i?(2ll 

Xl yi 


Rai2 


Xl \\a X 2 -)• yi lU X 2 



Rais 

XiA 2 / 1 ,X 2 A / 

II “ II 

iA) 

i?ai4 


Xl lU X 2 yi lU X 2 



Rais 

Xl A 2/1,X2 A 2/2 , 

II a II 

GAL) 

Raie 


Xl lU X 2 yi lU 2/2 




Xi V X2 A X2 
X2 A 2/2 

Xl lU A Xi lU 2/2 

(. i A) 

Xl lU a:^2 -t Xl \\a 2/2 


A2/ 

{X\E) A 2/ 


{X = tx€ E) 


Predicative rules 

Rpi- 


Rpi 


Rpr 

Rpio 

Rpi2 


xiE 

a.xiE 
X 2 F 

X1UX2E 
xiE 

Xl lU X 2 P “'”“xiAX2F 

Xl A 2/1, X2 7^,Xi A X2 7^ 

Xl A X 2 E 

Xl A X2 ^ z, {2/P : Xl A X2 —t 2/} 


EE 

xiF 

X 1 UX 2 F 

X 2 F 


Rp2 

Rpb 


Rps 


Rp3 

Rpe 


Rpg 


xiF, X2P 

Xl V xoF 
xiF 

Xl lU X 2 F 
X2F 


Xl A X 2 F 

{tx\E)F 


Rpii 

Rpis 

Rpi5 


Xl A X 2 F 
Xl 7 ^, X 2 A 2 / 2 , Xl A X 2 7 ^ 
Xl A X 2 F 

{yF : Xl A X 2 A \y} 

Xl A X 2 F 

{yF : {X\E) A \y} 
{X\E)F 


Table 1: SOS rules of CLL/j 

It has been shown that CLL/j has the unique stable transition model MclLr 
m, which exactly consists of all positive literals of the form t A t' or tF that 
are provable in Strip{CLL}i, MclLr)- Here Strip{CLLii, MclLr) is the stripped 
version [6] of CLL/j w.r.t MclLr- Each rule in S'tr/p(CLL 7 i, MclLr) is of the 
form for some ground instance r of rules in CLL/j such that MclLr \= 

nprem{r), where nprem(r) (or, pprem{r)) is the set of negative (positive resp.) 
premises of r, conc{r) is the conclusion of r and MclLr H nprem{r) means 
that for each t nprem{r), t s ^ MclLr for any s G r(ScLLH)- 

The LTS associated with CLL/j, in symbols LTS{GIAjb), is the quadru¬ 
ple (T(EclLr), Heir, ^clLr, PclLr), where p AclLr p' iff p A p' G MclLr, 


5 



































and p G FclLr iff pF G MclLj^ Therefore p Acll^ p' (or, p G fcLLn) iff 
Strip(CLL/i, McLLji) h p p' {pF resp.) for any p, p' and a G Actr- For 
simplification, in the following we omit the subscripts in AclLh and FclLr ■ 
We end this section by quoting some results from [22] . 

Lemma 2.3. Let p and q be any two processes. Then 

(1) py qGF iffp,qG F; 

(2) a.p G F iffp G F for each a G Adr', 

(3) p Q q G F iff either p G F or q G F with 0 G {□, ||a}; 

(4) P G F or q G F implies p Aq G F; 

(5) 0^ F and _L G F. 

Theorem 2.4. LTS{CLL{i) is a r-pure LETS. Moreover if p G F and r G lip) 
then Vg(p A q implies q G F). 

Theorem 2.5 (precongruence). If p Qrs q then Cx{p/X} Qrs Cx{q/-A}, 
where Cx is any context defined as usual. 

3 Axiomatic system AXcll and its soundness 

This section is devoted to formulating an axiomatic system for the precongru¬ 
ence Qrs and proving its soundness. For the moment, we don’t know whether 
a ground-complete proof system exists for the full calculus CLL^;. This paper 
will restrict itself to the finite fragment, i.e., leave out recursive operator. 

3.1 AXcijL 

Since inconsistency predicate F (more precisely, FolLh) is involved in the def¬ 
inition of Eijs, it could be expected that some algebraic laws hold only for 
processes satisfying certain conditions concerning consistency. However, since 
F itself is in semantic category, it is illegal that formulating these conditions in 
terms of F in axiomatic systems. Therefore, in order to introduce the axiomatic 
system AXcll , a few preliminary definitions are given below, which are needed 
to express side conditions of some axioms. 

Definition 3.1 (Basic Process Term). The basic process terms are defined by 
BNF t ::= 0 I (a.t) \ (tV t) \ (tOt) \ {t \\a t), where a G Adr and A C Act. We 
denote T(Eb) as the set of all basic process terms. 

At a later stage, we will see that the set T(Eb) is sufficiently expressive to 
describe all consistent processes with finite behaviours modulo =rs. Moreover, 
through referring T(Eb), we can formulate syntactically algebraic laws that 
hold conditionally, e.g., Axioms DSA and EXP2. 

Remark 3.2. Since all proofs in this section does not depend on the finiteness 
of processes’ behaviour, all results given in this section are still valid if we extend 
T(Eb) by adding the item {X\E) in BNF above, where {X\E) is any strongly 
guarded processes in T(EclLh) in which neither conjunction operator nor T 
occurs. We denote ET{Tib) as the set of all process terms generating by such 
extended BNF. For the purpose of this paper T(Eb) is sufficient. 
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By Lemmait is easy to see that the operators a.(), V, □ and ||a preserve 
consistency. Thus an immediate consequence of Lemma 12.31 is 

Lemma 3.3. T{T,b) O F = $. 

Let < to,ti,... ,tn-i > be a finite sequence of process terms with n > 0. 
We define the general external choice □ ti by recursion: 

i<.n 


□ ti = 0, □ ti = to, and □ ti 

2<0 i<l i<k+l 


= ( □ ti)ntfc for fc > 1. 

i<k 


Moreover, given a finite sequence < to,...,t„-i > and S C {to,..., t„-i}, 

the general external choice OS' is defined as OS' = □ t', where the sequence 

j<\s\ ^ 

< tg,..., > is the restriction of < to,..., t„_i > to S. In fact, up to =iis 

(or, =, see below), the order and grouping of terms in □ ti may be ignored by 

i<n 

virtue of commutative and associative laws of □ w.r.t =rs (axioms ECl and 
EC2 below, resp.). 

Definition 3.4 (Injective in Prefixes). A process □ Oi.ti is injective in prefixes 

i<.n 

if Oi ^ ttj for any i ^ j < n. 

The axiomatic system AXchh is reported in Table [H It is an inequational 
logic where t = t' means t ^ t' and t' ^ t. Axioms in AAqll may be divided 
into two groups: 

First the ones that involve only a single operator, which capture fundamen¬ 
tal properties of operators, e.g., commutativity, associativity, idempotent, etc. 
These axioms are standard. 

Second the ones that characterize the interaction between operators. Among 
them, the axioms DSl, DS3, DSA and ECCi{l < i < 3) describe the inter¬ 
action between logical and operational operators. As mentioned early, it is one 
distinguishing feature of LLTS that it involves consideration of inconsistencies. 
A number of axioms in this group embody such feature. In particular, as a 
consequence of considering inconsistency, side conditions are associated with 
DSi, ECC3 and EXP2. In the next subsection, we will show that these side 
conditions are necessary by giving counterexamples. 

It should be pointed out that some axioms have been considered by Liittgen 
and Vogler semantically in [TB], including DS2, C02, COS and DIi{3 < i <5). 

Given the axioms and rules of inference, we assume that the resulting no¬ 
tions of proof, length of proof and theorem are already familiar to the reader. 
Following standard usage, \- t ^ t' means that t ^ t' is a theorem of AAcll- 


3.2 Soundness 

This subsection will establish the soundness of AXcll w.r.t Eijs- Although 
AXcll is a proof system for CLL/j-processes with finite behaviours, it is sound 
for the full calculus. Therefore this subsection doesn’t restrict itself to finite 
terms. 

As usual, in order to get soundness, we need to check that all ground in¬ 
stances of axioms are sound w.r.t Crr and all inference are sound. The latter 
immediately follows from reflexivity and transitivity of Crr and Theorem 12.51 
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Axioms 


EC\ xUy = yOx Dll xV y = y\/ X 

EC2 [xUy)Uz = x^{y^z) DI2 x V {y V z) = {x V y) V z 


ECS xDx = X 
ECA xDO = X 
EC5 a;n± = ± 
COl X Ay = y Ax 
C02 X Ax = X 
COS a;A± = ± 
PRl a.E = ± 

PR2 T.x = X 


DIS xV X = X 
DM x\/ L = X 
DM X ^xM y 

DSl xU{y V z) ^ {xWy) V (xOz) 

DS2 X A {y V z) ^ (x A y) V (x A z) 

DS3 x \\a (y V z) ^ (x |U y) V (x ||a z) 

DSA a.{x V y) ^ a.xOa.y, where x,y € T(Eb) 
PAl X lU y = y lU X 
PA2 X lU ± = A 


ECCl □ Qi-Xi A □ bj.yj = _L if {ai\i < n} ^ {^jlJ < 

2<n j<Di. 

ECC2 □ ai.(xi Ayi) ^ □ Qi.Xi A □ a^.y^ 

i<.n i<.n i<.n 

ECCS □ Qi-Xi A □ Qi.yi ^ □ ai.{xi A yi) if □ Qi.Xi is injective in prefixes 

2 <n i<.n i<.n i<.n 

EXPl 


EH Qi.Xi 11^ EH bj.yj ^ 

i<.n j<Pn 


□ ai.(xi lU □ n ^j-i n o^^.Xi lU yj) □ □ a^.{xi |U yj) 

i<n, j<m ^><772, i<.n f i<,n,j<.m 

fli^A ) ai=bj^A 


EXP2 


□ ai.iyX^ ||a □ bj.yj)U □ bj.{ □ ai.Xi \\a Vj) □ □ ai.{x^ \\a yj) 

i<n, j<.D% j<m, i<.n f i<.n,j<.m 

ai^A bj^A ) ai—bj^A 

^ □ ai-Xi ||a n bj.yj, where Xi, yj S T(Eb) for each i < n and j <m 

i<n j<.D% 


Inference rules 


TRANS 


CONTEXT 


t ^ t 

t < t’,t' ^ t” 
t < t" 

for each n-ary operator / 


Table 2: Axioms and inference rules of AAcll 




Therefore the remainder of this subsection will devote itself to verifying the 
soundness of axioms. 

We begin by giving a simple but useful property about combined processes 
pQq with 0 G {□, m, A}. Roughly speaking, it says that consistent and stable 
e-derivatives ofpQq must be compositions of consistent and stable e-derivatives 
of p and q, and the converse also (almost) holds. 

Lemma 3.5. (1) For any 0 G {□, ||a, A}, if pi Q P2 \p 3 then pi \Pi, 
P2 \P2 and P3 = p[ QP2 for some p'i,P2- 

(2) If Pi \p'i and p2 ^f \p 2 then piQp2 ^f \p'i © P2 for 0 G {□, | U }, and 

Pi Ap2 bi AP2 if Pi AP2 i F. 

Proof. Straightforward by applying Theorem 12.41 and Lemma 12.31 □ 

The next observation, which is due to Liittgen and Vogler, reveals that the 
relation Qrs interacts well with logic operators conjunction and disjunction. 

Lemma 3.6. (1) Pi Qrs Pi P2 for i = 1,2. 

(2) If Pi Frs P3 and p2 Qrs Ps then pi V p2 Qrs Ps- 

(3 ) Pi Ap 2 Qrs Pi fori = 1,2. 

(4) If Pi Qrs P2 and pi Pz, then pi Qrs P2 I\P 3- 
Proof. ( 1 , 2 ) Straightforward. 

(3) Assume pi A p2 =^f bi 2 - By Lemma [3.51 pi 4 >f \Pi and pi 2 = Pi Ap'2 

for some p'i,P 2 . Then it suffices to show p'^ A P 2 d p'l. To this end, put 

~RS 

TZ = {(s A t, s)| s and t are stable}. It is routine to verify that 7^ is a stable 
ready simulation relation, as desired. 

( 4 ) It immediately follows from Lemma 13.51 and the fact that p d q and 

~RS 

pd r implies p IZ a Ar (see Lemma 4.5]b □ 

~RS ~RS 

As an immediate consequence of items (3) and (4) in previous lemma, the 
property below is given, which is obtained in |16| . 

Pi Qrs P2 a P3 iff Pi dRs p2 and pi Qrs p^. (FP) 

As pointed out by Liittgen and Vogler [13 US], this is a fundamental property 
of ready simulation in the presence of logic operators. Intuitively, it says that 
Pi is an implementation of the specification p2 A ps if and only if pi implements 
both p2 and p^. Moreover, by Lemma 15^ it is easy to see that the following 
equation holds. 


pA{pVq) =Rs p =RS P'd {p A q) (Absorption) 

More fundamental algebraic laws are collected in the next proposition. 

Proposition 3.7. 

(1) Commutativity: pi 0 p 2 =RS P 2 ©Pi for each 0 G {□, |b, A,V}; 

(2) Associativity: (pi 0 p 2 ) 0P3 =RS Pi © iP 2 © Pa) for each 0 G {□, V, A}; 

(3) Idempotency: p 0p =rs p for each 0 G {□,A,V}; 

(4) Unit element: pDO =rs P , P V T =rs p; 

(5) Zero element: p 0 T =rs -L for each 0 G {□, ||a, A}; 

(6) Identity property: r.p =rs p, a.T =rs -L. 
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Proof. We give the proof only for Commutativity laws, the other laws are left to 
the reader. Clearly Commutativity laws for A and V are implied by Lemma l3.6l 
For 0 S {□, 11^}, the argument is similar to that in the proof of Lemma 13^ 31 . 
that is, by Lemma 13.51 it is enough to check that the relation TZq below is a 
stable ready simulation relation. 

— {{P Q QjQ Q P) ■ PjQ are stable} U Id 

where Id is the identity relation over T(I]clLh)- d 

Remark 3.8. Due to Commutativity, Associativity, Idempotency and Absorp¬ 
tion laws of A and V, modulo =rs, the structure < r(ScLLH),A, V > is a 
lattice. In fact, such lattice is distributive by Prop. 13.101 given later. More¬ 
over, by Lemma [3.61 31 and (FP), the partial order corresponding to the lattice 
< r(EcLLR), A, V > indeed is Qrs, that is, p Qrs q iS p A q =rs P for any 
p,q G T(EclLb)- 

In the following, we shall deal with a few of laws referring to different oper¬ 
ators in one (in)equation. In order to show so-called distributive law, the next 
lemma is needed which reveals that there exist “canonical” evolving paths from 
Pi © {P2 y P2) to its stable e-derivatives (if exist). 

Lemma 3.9. Let 0 G {FI,A, ||a}- If Pi 0 (P 2 V pa) =I>f |P 4 then there are p} 
and ri{i < n and n > 0) such that pi 0 (p 2 V pa) = ro -^f, • ■ ■ , ?'n = Pi, 

(2) Pi =I>F p'l, (3) rj = p[ 0 (p 2 V Pa) and Cj+i = p[ Qpk for some j < n and 
k € {2,3}. 

Proof Since pi 0 (p 2 Vpa) |P 4 and p 2 V pa A, pi 0 (p 2 V Pa)(^F)™|P 4 for 
some m > 0. The rest of the proof is routine by induction on m. □ 

The following Distributive law with 0 = A was first proved in m- 

Proposition 3.10 (Distributive). pi 0 (p 2 Vpa) =rs (pi Q P2) V (pi Qps) for 
each 0 G {□, ||a, A}. 

Proof. The inequation (pi 0 p 2 ) V(pi 0pa) Qrs Pi 0 (P 2 Vpa) immediately follows 
from Theorem 12.51 and Lemma [3.61 1') 121. For the converse inequation, suppose 
Pi © (P 2 Vpa) |P 4 - Then by Theorem 12.41 and Lemma it is easy to get 
(pi©P 2 )V(pi©pa) |P4- IIencepi©(p 2 Vpa) Efs (pi©P2)V(pi©P3). □ 

Since < r(ScLLH), A, V > is a lattice, it immediately follows from Prop. IXTUl 
with 0 = A that pi V (p 2 A pa) =rs (pi V P 2 ) A (pi V pa). 

Proposition 3.11. a.pina.p 2 Efs 0-(pi 'I P2) for each a G Act,-- 

Proof. Pi ©FS Pi V p 2 andp 2 ©fs pi V p 2 (by Lemma[3!l}l)) 

=> a.pi ©FS a-(pi VP 2 ) and a.p 2 ©fs a-(pi VP 2 ) (by Theorem 12.51) 

a.pi©a.p 2 ©FS o.(pi V P 2 ) Ibv Theorem I2.5| and Prop. 13 71) . □ 

A natural problem arises at this point, that is, whether the inequation below 
holds 

a.{pi y P2) EfiS a.pi©a.p 2 - (DS) 

The answer is negative by considering pi = T and p 2 = 0. By Lemma 12.31 
o.(T V 0) ^ F and a.TDa.O G F. Hence a.(T V 0) %rs o.TDa.O. However 
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we can give a necessary and sufficient condition for the inequation (DS) with 
a € Act to be true. To this end, we introduce the notion 

Definition 3.12 (Uniform w.r.t F). Two processes p and q are uniform w.r.t 
F A pGFiSqGF. 

Proposition 3.13. For each a G Act, a.{pi V P2) EiiS a.piOa.p2 iff Pi and p2 
are uniform w.r.t F. 

Proof. (Left implies Right) Suppose pi and p2 are not uniform w.r.t F. 
W.l.o.g, assume that pi € F and p2 ^ F. By Lemma [231 we get a.(pi V P2) ^ F 
and a.piOa.p2 G F. Hence a.(pi V P2) %rs a.piOa.p2. 

(Right implies Left) Since a G Act, it suffices to prove a.{pi V P2) C 

~RS 

a.piOa.p 2 . Put 

TZ = {{a.{pi V p2),a.piaa.p2)} U Id. 

We will show that 7?. is a stable ready simulation relation. It is obvious that 
(RSl-4) hold for each pair in Id. In the following, we deal with the pair {a.{pi V 
P 2 ),a.piOa.p 2 ). Clearly, such pair satisfies (RSI) and (RS4) . 

(RS2) Suppose a.piOa.p2 G F. By Lemma 133 Pi € F for some i G {1,2}. 
Then, since pi andp 2 are uniform w.r.t F, we get pi,p 2 G F. Soa.(piVp 2 ) G F. 

(RS3) Suppose a.{pi yP 2 ) \t. It is easy to see that a.piUa.p 2 \f. 

Moreover a.piUa.p 2 ^ F by a.(pi VP 2 ) 4- ^ (RS2). So a.piUa.p 2 ^f \'f’. □ 


Notice that the situation is different if a = r. In such case, the inequation 
(DS) does not always hold even if pi and p 2 are uniform w.r.t F. As a simple 
example, consider pi = a.O and p 2 = b.O with a b. Clearly, they are uniform 
w.r.t F because of pi,P 2 4 P- Moreover, T.(a.O V b.O) |a.O, and o.0n6.0 is 
the unique process such that r.a.Onr.fe.O |a.0n&.0. But a.O if a.OOb.O 

due to a.O 4 P and I(a.O) ^ F(a.0n6.0). Thus T.(a.O V 6.0) %rs r.a.OnT.6.0. 
Given the key role that general external choice □ pi plays in the axiomatic 

i<.n 

system AAcll, we need to discuss this operator in some detail. We begin with 
giving the following simple result, of which we omit the straightforward proof. 

Lemma 3.14. Let n > 0 and {ai\i < n} C Act. 

( 1 ) \3 Pi G F iff pk € F for some k < n. 

i<.n 

(2) □ Oi.pi ^ Pi for each i < n. 

i<.n 

(3) If □ Oi.pi s then a = Ok and s = pk for some k < n. 

i<.n 

Proposition 3.15. Let Oi, bj G Act for each i < n and j < m. 

( 1 ) If {ai\i <n} {bj\j < m} then □ Oi.pi A □ bj.qj =iis -L. 

2 <n 

(2) □ ai.{pi A qi) Qrs □ Oi.pi A □ Oi.qi. 

i<.n i<.n i<.n 

Proof. (1) By Rules Rpio and Rpn, it holds trivially. 

(2) If n = 0, it is trivial because of the definition of general external choice. Next 
we treat the case n > 0. By Lemma 3751 and Theorem l2.51 ai.{pi Aqi) Qrs Oi.pi 
for each i < n. Then □ ai.{piAqi) U/js □ Oi.pi by Theorem [53] and Prop. 1371 

2<n 2<n 

Similarly, we also have □ Oi.ijpi A qi) Frr □ Oi.qi. Hence □ Oi.ijpi A qf) Qrs 

i<n _ i<.n i<Cn 

□ Oi.pi A □ Oi.qi by Lemma [3.61 □ 

2<n 2<n 


II 


In the following, we provide an example to illustrate that it does not always 
hold that □ ai-pi A □ Qi.qi E_rs □ ai.{pi A qi). 

i<.n i<n i<.n 

Example 3.16. Consider process ao-Po — a.6.0, ai.pi = a.c.O, ao-qo — a.6.0 and 
oi.gi = a.6.0 where c ^ b. Then, □ ai.pi = a.6.0na.c.0, □ ai.qi = a.6.0na.6.0 

z<2 i<2 

and □ ai.(pi A gi) = a.(6.0 A 6.0)na.(c.0 A 6.0). Assume for contradiction that 

i<2 

Dai.piA □ Oi.gj Cfls Oai.{p^Aqi). Thus O at.pi A O ai.qi n □ ai.(pi A 

i<2 i<2 i<2 i<2 i<2 ^ns i<2 

qi) due to a G Act. It follows from c.O A 6.0 ^ and 6.0 that ^ G 

S'trip(CLL/{, MclLh)- So c.O A 6.0 G F because of c.O A 0. Further □ ai.{pi A 

_ i<2 

Qi) G F by Lemma irni Thus, it follows from □ a^.p^A □ ai.qi ^ D cii-{Pi^qi) 

i<2 i<2 ^ RS ^<2 

that □ ai.pi A □ ai.qi G F. Since □ ai.pi ^ F, □ ai.qi ^ F and X( □ ai-pi) = 

i<2 i<2 i<2 i<2 i<2 

Z( □ ai.qi)^ the last rule applied in the proof tree of Strip{CLLji^ MclLr) 1“ 

i<2 

□ Qi.pi A □ ai.qiF is of the form 

i<2 i<2 

{sF : n\ ai.Pi A □ ai.qi A sj \sF : D ai.pi A □ ai.qi A Is) 

i<2 i<2 ^ i<2 i<2 

-or-. 

□ ai.pi A □ Ui.qiF □ ai.pi A □ Ui.qiF 

i<2 i<2 i<2 i<2 

However, since 6.0 A 6.0 is an a-derivative of □ ai.pi A □ ai.qi and 6.0 A 6.0 ^ F, 

i<2 i<.2 

the former is impossible. Moreover, since □ ai.pi A □ ai.qi is the unique stable 

i<2 i<2 

e-derivative of itself, the latter is also impossible due to the well-foundedness of 
proof tree. Thus a contradiction arises, as desired. 

However, for any □ ai.pi with distinct prefixes, we have 

i<.n 

Proposition 3.17. Let ai G Act for each i < n. If O ai.pi is injective in 

i<.n 

prefixes then □ Oi.p* A □ a^.q^ Qrs D ai.{pi A q^). 

i<n i<.n i<.n 

Proof. We examine the case n > 0. Since {ai : i < n} Act, it suffices to prove 

□ ai.pi A □ ai.qi C □ difPi A qi). Put 

i<,n i<.n RS 

TZ = {{n ai.pi A a ai.qi, O a^.ipi A qi))} U Id. 

i<.n i<.n i<.n 

We need to check that ( □ ai.pi A □ ai.qi, D ai-(Pi A g^)) satisfies (RSl-4). For 

i<.n i<.n i<n 

the conditions (RSI,4), it is trivial and omitted. 

(RS2) Suppose □ ai.{pi A qi) G F. Then, by Lemma fd.ldl Pk A qk € F 

i<,n 

for some k. Since both □ ai.pi and □ ai.qi are injective in prefixes, pk A qk is 

2 <n z<n 

the unique Ofc-derivative of □ ai.pi A □ ai.qi. Therefore □ ai.piA □ ai.qi S F 

i<.n i<n i<n i<.n 

comes from Pfc A gfc G F by Theorem 12.41 and (LTSl) in Def. 12.11 as desired. 
(RS3) Suppose □ ai.pi A □ ai.qi \p'- Then □ a^.pi A □ ai.qi Af 

2 <n 2 <n 2 <n z<n 

p" Af \p' for some p”. Since □ ai.pi and □ ai.qi are injective in prefixes, 

i<.n iOn 

there exists k < n such that □ ai.pi ^ Pk, Q Ui-gi A g^, a = Cfc and p" = 

i<.n i<.n 

Pk A qk. Clearly □ ai.{pi A qi) A pfe A qk. Moreover □ ai.(pj A qi) ^ F by 

i<n z<n 
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□ a^.piA □ Ui.Qi ^ F and (RS2). Hence □ ai-ijpiAqi) pkAqk = p” \p' 

i<.n i<.n i<.n 

and {p',p') €TZ. □ 

The next two propositions state the properties of the interaction of general 
external choice and parallel operator, which are analogous to the expansion law 
in usual process calculi, e.g., [18]. 

Proposition 3.18. Let n > 0, m > 0, A C Act and ai, bj € Act for each i < n 
and j < m. Then 


□ Oi.pi \\a □ bj.qj Frs ((□Hi)n(nf22))n(nH3), 

2 <n 

where Hi = {aifpi m □ hj.qj)\i < n and at ^ A}, H 2 = {bj.{ □ at.pi Ha 

j<.m i<.n 

qj)\j < m and bj ^ A] and H 3 = {aifpi ||a qj)\ai = bj G A,i < n and j < m}. 
Proof. Set N = □ m.pi ||a □ ^j-Qj andM = ((□Hi)n(nH 2 ))n(nH 3 ). Clearly, 

z<n 

both N and M are stable. It is sufficient to prove N IZ M. Put 

~RS 

n = {iN,M)}U Id. 


We intend to check that the pair {N,M) satisfies (RSl-4). For (RSI,4), it is 
straightforward and omitted. 

(RS2) Suppose M G F. Then t G F for some t G Hi U H 2 U H 3 by 
Lemma 13.141 We shall consider the case where t € Hi, the others may be 
treated similarly and omitted. In such case, we may assume that t = Oi^.^pi^ ||a 
□ bj.qj) with iQ < n and Oi^ ^ A. So pi^ G F or □ bj.qj G F. Clearly each 

j<m 

of them implies N = O Oi.pi \\a O bj.qj G F, as desired. 

Z<n 


(RS3) Suppose N Ap \p'. Then M ^ F hy N ^ F and (RS2). Since N is 
stable, N A-p p” \p' for some p". The proof proceeds by case analysis on 
the last rule applied in the proof tree of Strip{CLLp, MclLr) N A p". 


Case 1. 


□ ai .pi—¥r 


□ ai 
i<n 


lU .□ 

3<m 


■Qj- 


lU .□ 

J<m 


— with □ bj.qj A a ^ A. 

■Ij j<m 


Then □ at.pi A r and p" = r \\a Cl bj.qj. By Lemma [3T4[3), we have 

z<n j<.m 

a = ttig and r = pi^ for some io < n. Due to Oig = a ^ H, aig.{pig ||a 
□ bj.qj) G Hi. So DHi A pig ||a □ bj.qj by Lemma 13. 14l' 2l. Moreover, since 

j<.m j<im 

{oi, bj\i < n and j < m} C Act, we get □H 2 A and □H 3 A by Lemma|3T4[3). 
Then M A pig ||a □ bj.qj = p". Hence, M Ap \p' and {p',p') G TZ. 

j<m 


Case 2. 


□ 

j<m 


■1j- 


□ ai.piWA □ I 

^<n j<m 

Similar to Case 1. 


•pij- 


□ 

i<n 


— with □ Qi.pi A and a ^ A. 

||a»' i<n 


Case 3. 


□ ai.pi-^r, □ bj.Qj-^s 
i<n j<m 

□ at.pillA □ bj .gjA^r\\AS 

i<n j<m 


with a G A. 


Then □ Oj.pi A r, □ bj.qj A s and p" = r ||a s. By Lemma 13. 14f 31. we 

i<n j<im 

have a = Oig, r = pig for some io < n and a = bjg, s = qjg for some jo < m. 
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Then aio-i pio |U 9io) ^ ^^3 because of = bjg = a G A. So Dfis pig |U qjg 
by Lemma [3T41J2). Moreover, since {ai,bj\i < n and j < m} C Act, we get 

□r^i 7^ and □ri2 7^ by Lemma [3.14r 3i. Then M pig m qjg = p”. Hence, 
M \p' and {p',p') G 72.. □ 

Compared with usual expansion law in process calculus, e.g., Prop. 3.3.5 in 
[18], someone may expect that the inequation below holds, where (1 < i < 3) 
is same as ones in Prop. 13.181 

((□Hi)n(nf72))LI(nf73) Qrs □ a^.ti m □ bj.Sj. (EXP) 

2 <n 

Unfortunately, it isn’t valid. For instance, consider ao.to = a.T, oi.fi = c.O and 
bo.So = b.O with a ^ b ^ c. Let A = {a,b}. Clearly, the set Ui(l < * < 3) 
corresponding to ones in the above proposition are: Ui = {c.(0 ||{a.b} ^-0)} and 
U2 = U3 = 0. Then 

((□L!i)n(m2))n(m3) = (c.(0 5.0)no)no. 

By Lemma 1^31 (a.TDc.O) ||{a,h} b.O G F and (c.(0 ||{a,{,} 6.0)n0)n0 ^ F. Then 
it is easy to see that (c.(0 ||{q,;,} 5.0)n0)n0 %rs (a.TDc.O) ||{a,h} ^-0. 

However, the inequation (EXP) holds for processes satisfying a moderate 
condition. Formally, we have the result below. 

Proposition 3.19. Let n,m > 0, A C Act and ai,bj G Act for each i < n 
and j < m. Assume that {{pi\ai G A and Oi bj for eaeh j < m} U {qj\bj G 
A and bj Oi for each i < n}) fl F = 0, then 

((□Ui)n(nU2))n(nH3) Cfls □ a^.pi lU □ bj.qj 

i<.n jdm 


where Lli (1 < i < 3) is same as ones in Prop. \S.1A 

Proof. Set M = □ |1 a Cl and iV = ((□Ui)n(nU 2 ))LI(nH 3 ). Similar 

2<n i<7Ti. 

to Prop. 13.181 we shall prove N C M. Put 72 = {(TV, M)} U Id. It suffices to 

show that 72 is a stable ready simulation relation. We will check that the pair 
(N,M) satisfies (RS2), the remainder is analogous to ones of Prop. IXTSl 

(RS2) Suppose M G F. By Lemmas 12.31 and 13.141 we get either pig G F 
for some < n or qjg G F for some jo < m. W.l.o.g, we consider the first 
alternative. Then, by the assumption, Oig ^ A or Oig = bjg for some jo < m. 
Consequently, aig.{pig |U □ bj.qj) G Hi or aig.{pig |U qjg) G H 3 . Hence N G F 

3<m 

by Lemma [ 3 .141 as desired. □ 

We now have all of the properties that we need to prove the soundness of 
the axiomatic system HXcll- 

Theorem 3.20 (Soundness). If\-p < q thenp ^rs Q for anyp,q G T(J1 clLr)- 

Proof. Immediately follows from Lemmas l3.6f 11 and 13.31 Prop. 1X71 13.101 
13.15113.17113.181 and 13.191 Theorem 12.51 and the fact that Qrs is reflexive and 
transitive. □ 
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4 Normal form and ground-completeness 

This section will establish the ground-completeness of AXcll for processes that 
are generated by BNF 

t ::= 0 I _L I {a.t) \ {tat) | (t A t) | (t V t) | (t |U t). 

The set of all these processes is denoted by T(Ecll)- 

To prove the ground-completeness of AXqll, we use a standard technique 
involving normal forms. The idea is to isolate a particular subclass of terms, 
called normal forms, such that the proof of the completeness is straightforward 
for it. The completeness for arbitrary terms will follow if we can show that each 
term can be reduced to normal form using axioms and inference rules in AXqll ■ 
Therefore the proof of ground-completeness falls naturally into two parts: first, 
we will show that each process in T(Ecll) is normalizable; second, it will be 
demonstrated that AXqll is ground-complete w.r.t processes in normal form. 
Before defining the normal form, we first introduce two useful notations. 


Notation 

1. Prefix{ □ tti-ti) = {ai\i < n}. 

i<.n 

2. Let < to,... ,tn-i > be a finite sequence of process terms with n > 0. 
The general disjunction V ti is defined as 

i<n 


\Jt^ = to, and \J U = {\/ ti) V tk for fc > 1. 

i<l i<k 


Similar to general external choice, the order and grouping of terms in V ti 

i<.n 

may be ignored by virtue of Axioms Dll and DI2. 


Definition 4.1 (Normal Form). The set NFb is the least subset of T(Ecll) 
such that y ti € NFb li n > 0 and for each i < n, ti has the format □ aa-ta 

i<n i<mi 

with mi > 0 such that 

(N) tij e NFb for each j < rm, 

(D) □ Qij.tij is injective in prefixes, and 

j<mi 


(N-r) Qij G Act for each j < rrii. 

We put NF = {T} U NFb- Each process term in NF is in normal form. 
Notice that NFb C T(Eb), and 0 G NFb by taking n = 1 and mo = 0 in 


The following simple observations inspire the format of normal processes in 
NFb. 

First, due to r-purity, the behaviour of any process consists of external and 
internal choices, which are interleaving but never mixing. This fact induces us 
to adopt the format V □ Uj as normal forms. 

i<ni<mi 

Second, because of a.pOa.q =rs o-iv V q) for p,q G T{Y1b) and r.p =rs P, 
we may require normal forms to satisfy Conditions (D) and (N-r), which make 
demonstrating the completeness w.r.t NF (see Lemma 14.9p easier. In fact, 
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processes □ aij .tij satisfying (N-r) indeed are V-irreducible in the distributive 

j<mi 

lattice T(I]cll,V, A) (see Remark 14.71 given later). Hence, from the lattice- 
theoretical viewpoint, defining normal form as above is natural. 

In the following, we will show that each process term can be transformed 
using axioms in AXqll into a normal form. To this end, the next four lemmas 
are firstly proved. 

Lemma 4.2. (1) h a.tda.s ^ a.{t\/s). 

(2) h (t © si) V (t 0 S 2 ) < t 0 (si V S 2 ) for each © e {□, A, ||a}- 

Proof. (1) \- t ^ t V s and h s ^ t V s (by Dll , DI5 and TRANS ) 

=>l- a.t ^ a.{t V s) and h a.s ^ a.{t V s) (by CONTEXT) 

a.taa.s !^a.(t\/ s) (by CONTEXT, EC'S and TRANS) 

(2) h Si ^ Si V S 2 and h S 2 ^ si V S 2 (by Dll, DI5 and TRANS) 

=>l- t © Si < f © (si V S 2 ) and b t © S 2 < t © (si V S 2 ) (by CONTEXT and REF) 
(t©si)V(t©S 2 ) < t©(siVs 2 ) (by E>/3, CONTEXT and TRANS) □ 

The next three lemmas provide a series of closure properties of NF, which 
ensure that the inductive proof of Normal Form Theorem can be carried out 
smoothly. 

Lemma 4.3. Ift,sG NFb then \- t A s = r for some r G NF. 

Proof. We prove it by induction on the number |t| -|- |s| 0- Since t, s G NFb, 
we may assume that t = \J ti and s = \J sr. By Dll, DI2, COl, DS2 and 

2 <n i'Kn' 

Lemma 0^2), we get 

l-tAs= (CASi'). (14. Si ll 

i<n,2'<n' 

Let i < n and i' < n'. We will show that b ti A Si' = ru/ for some rn' G NF. 
Clearly, we may assume that U = □ Oij.tij and Si' = □ hiij'.Si'ji satisfying 

(N), (D) and (N-r) in Def. 14.11 We consider two cases below. 

Case 1. Prefix{ti) yt Prefix{si>). 

By ECCl, we have b ti A sr = T. 

Case 2. Prefix{ti) = Prefix{si'). 

Thus, by the item (D) in Def. 14.11 we have rrii = m',. If Wi = 0 then, 
by the definition of general external choice, we get ti = Sir = 0. Moreover, 
b ti A Si' =0 follows from C02. In the following, we consider the nontrivial 
case where rrii > 0. By ECl, EC2, ECC2 and ECC3, it follows that 

b ti A Si' = aij.(tij A Si'j'f 

O-ij — j! 

For each pair j,j' < mi with Oij = bi>jr, since tij,Siij> G NEb and |t| -|- |s| > 
|tij| -|- |si'j'|, by IB, we have b ty A Si>j' = tijirjt for some tyi'j' G NF. Set 

S — fH Oij .tiji'jf. 

j,j'<mi, 

dij —hj^i jf 

^\t\ is the number of operators occurring in t. 
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Consequently, by CONTEXT and TRANS, we have 

ti A Si' = S. 

Clearly, if tiji'ji € NFb for each pair j,j' < rrii with aij = bi'j>, then S G NFb- 
Otherwise, we have tijgi'j'^ = T for some jo, jo < then it follows from PRl 
that 

b ~ -*-• 

Further, by EC5, CONTEXT and TRANS, we get h S' = T. 

In summary, it follows from the discussion above that, for each i < n and 
i' < n', 


either h A Si' = rw for some rn' G NFb or G ti A Si' = F. 


Then, by Dll, DM and (14.31 11. h tAs = r for some r G NFb or h tAs = T. □ 

In the above proof, we do not explicitly show the proof for the induction 
basis where t = s = 0 , as it is an instance of the proof of the induction step. 

Lemma 4.4. If t = □ ai.ti G NFb and s = □ bj-Sj G NFb, then h fDs = 

i<n j<m 

n Ci-Ti for some □ c^.r^ G NFb- 

i<,k i<k 

Proof. If n = 0 or m = 0 then it immediately follows from ECl and Ed due 
to the definition of general external choice. In the following, we consider the 
non-trivial case where n > 0 and m > 0. We distinguish two cases below. 


Case 1. Prefixft) fl Prefix{s) = 0. 
Set 

A I ak-tk 

= U 

I ^k — n’^k—r 


k < n, 

n < k < m + n. 


Then, it is trivial to check that □ pk satisfies (N), (D) and (N-r) in Def. 14.11 

fc<m+n 

that is, □ Pk G NEb- Moreover, by EC2 and TRANS, it immediately fol- 

k<.m-\-n 

lows that h fDs = □ Pk- 

fe<m+n 


Case 2. Prefixft) n Prefixes) 7 ^ 0. 

Let io < n and jo < m with Oig = bjg, since NEb C T{TtB), by Lemma lT^ ll 
and DS4:, we get h Oig.tigObjg.Sjg = aig.{tig V sjg). Further, by Def. 14.11 Dll, 
DI2, CONTEXT and TRANS, it follows from Ug,Sjg G NFb that 


b aig.tig^bjg.Sjg = Oig.p foi' somc p G NFb- 


Thus, for each i < n and j < m with Oi = bj, we can fix a process term 
Pij G NFb such that 

b Qi-ti^bj .Sj = Oi-Pij. 

Put 


Si = □ tti-ti, 82 = n bj.Sj, 

ai^Prefix{s), bj^Prefix{t), 

i<n j<.m 


S3 = □ ai.pij. 

CLi ^Prefix{t)r\Prefix{s ), 
ai=bj ,i<.n,j<.m 
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Then, by ECl, EC2, TRANS and CONTEXT, we obtain b tOs = { 81082 )^ 33 . 
Clearly, both 81 and S 2 are in NFb- Moreover, since t and s are injective in 
prefixes, so is 83 . Hence, 83 is also in NFb- Further, since Prefix{ 8 i) 0 
Prefix{ 8 j) = 0 for 1 < j 7 ^ j < 3, similar to Case 1, we have h (S'inS' 2 )n 5'3 = 
□ Ci-Ti for some □ G NFb- d 

i<.k i<.k 

Lemma 4.5. Ift,sG NFb then h t ||^ s = r for some r G NFb- 

Proof. We prove it by induction on the number |t| + |s|. Since s G NFb, we 
may assume that t = \/ ti and s = \J Si'. By axioms Dll, DI2, PAl, D83 

i<n i'<n' 

and Lemma 14.2( 21. we get 

\-t\\AS= \J (ti lU Si/). (gmi) 

<.n' 

We shall show that for each i < n and i' < n', 

'r U IIA Si/ = Tii/ for some rui G NFb- 

Let i < n and i' < n'. We may assume that ti = □ atj-Uj and Sf = 

_ j<mi 

□ bi>j>.Si'j> satisfying (N), (D) and (N-r) in Def. 14.11 By EX PI and EXP2, 
we have 


1“ ti lU 'Si' = 

( f-1 O-ij .(fij 11^ Si/)n fH biiji-ifi 11^ Si/j/))n fH Q-ij-ifij 11^ Si'j'f 
j<mi, j'<m'.,, <m'.,, 

ay=bi/„-/eA 

(0312) 

We consider two cases. 

Case 1. mi = 0 or m', = 0. 

W.l.o.g, assume that rm = 0. Then, by (14.51 21. ECl, ECA, CONTEXT and 
TRANS, we get 

I-ti lu Si' = , &i'j'-(0 ||a Si'f). (0^3) 

j' , 

bi'jNA 

If {biijt ^ A|/ < m',} = 0 then h ti ||a Si/ = 0. Next, we consider the case where 
{h'j' i A|/ < m',} 0. For each j' < m', with biiy ^ A, we have Si'y G NFb, 

moreover, |t| + |s| > |0| + |si/j/|. Then, by IH, we get h 0 ||^ Si>j> = pji for some 
Pf G NFb- Therefore, by CONTEXT, TRANS and (14.51 31. it is easy to see 
that ti\\A Si' = Tii' for some rw G NFb- 


Case 2. mi > 0 and m', > 0. 

In such case, for each j < mi and j' < m'/, we have |t| + |s| > |tyj + |si/|, 
|t| + |s| > |ti| + |si/j/| and |t| + |s| > |tyj + |si/j/1. Moreover, ty, Si/, ti, Si/^/ e NFb- 
Then, by IH, there exist tiji' ,tiiij> ,tiji>j> G NFb such that h ty Ha Si' = tiji', 
^ ti IIA Si'j' — tii'j' and b tij IIA Si'j' — tiji'j'- Set 

8\ — fH Q-ij-tiji', S2 — f -1 bi'j'-tii'j', 83 — fH Q-ij.tiji'j'. 

3 <'^i j" 
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Clearly, 81 , 52,83 € NFb and h ti m si' = ( 5 'inS' 2 )n 5 ' 3 . Further, by 
Lemma SHI we get \- ti ||a Si' = »"m' for some ru/ € NFb, as desired. 

In summary, by the discussion above, we conclude that, for each i < n and 
i' < n', ti \\a Si' = Tii' for some rn' G NFb- Then, by Def. 14.11 and (14.51 1') , it 
immediately follows that \- t \\a s = r for some r G NFb, as desired. □ 

Now, we can prove that each process term is normalizable. That is 

Theorem 4.6 (Normal Form Theorem). For each t G T{Yicll), t = s for 
some s G NF. 

Proof. We prove it by induction on the structure of t. 

• t = 0 or t = T. 

Trivially. 

• t = a.ti- 

By IH and CONTEXT, we get \- t = a.t'i for some t'l G NF. If t'l ^ T and 
a G Act, then a.t'i G NFb- If t'l = T, by PRl, PR2 and TRANS, we obtain 
h t = T. If a = T, by PR2 and TRANS, we have t = t'l- 

• t = tiQt 2 with © G {V, □, A, ||a}. 

For i = 1,2, by IH, we have h = t' for some f' G NF. We distinguish four 
cases based on 0. 

Case I. 0 = V. 

If t'l ^ T and ^ T (i.e., t'i,t '2 G NFb), then it immediately follows from 
Dll, DI2, CONTEXT and TRANS that \- t = s for some s G NFb- Otherwise, 
w.l.o.g, assume that = T. Then, by Dll, Dli and TRANS, we get h t 

Case 2. 0 = □. 

If either t'l = T or = T, then it follows from ECl and ECb that h t = T. 
In the following, we consider the case where t'l ^ T and t '2 ^ T. In this 
situation, we get t'i,t '2 G NEb- So, we may assume that t'i= \J □ aij.Sij and 

t '2 = y □ bi'j'.ri'j' with □ Qij.Sij, □ bi'ji.ri'ji G NFb for each i < n 

j<mi 

and i' < n'. Thus, by Dll, D/2, CONTEXT, TRANS, D81 and LeminaKTl2). 
we obtain 

\-tint2 = V ( □ ©j.SjjD □ bi'ji.ri'ji). 

* j<mi 

Further, by CONTEXT, Lemma 14.41 and Def. 14.11 it immediately follows that 
h tiUt 2 = ts for some fa G NFb- 

Case 3. © = A. 

If t'i G NFb for i = 1,2 then, by Lemma [4.31 we have h t = ^3 for some 
ta G NF, otherwise, by COl and C03, we get F t = T. 

Case 4. © =||a- 

If either = T or = T then, by PAl and PA2, we get h t = T. 
Otherwise, we have t'i,t '2 G NFb, so, by Lemma [T5l we obtain h t = s for some 
s G NFb- CH 
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Remark 4.7. Clearly, □ Ui.ti =_rs P V 9 with Ui € Act implies □ ai.ti =rs P 

i<n i<.n 

or □ ai.ti =Rs q, and ± =rs pV q implies ± =rs p and _L =rs q for any p, q. 

i<.n 

Thus T and processes with form □ ai.ti are V-irreducible in the distributive 

i<.n 

lattice < r(ScLL), V, A >. Therefore, by the well-known result so-called Unique 
Decomposition Theorem in Lattice Theory (see, e.g. m), the normal form 
representation of any t G T(Ecll) is unique in an obvious sense. 

We now turn our attention to the ground-completeness of AXchh- First, we 
state a trivial result about general disjunction. 

Lemma 4.8. Let n > 0 and ti be stable for each i < n. 

(1) If \J ti ^ F then \J ti \ti for each i <n. 

i<.n i<.n 

(2) If y ti ^ \t' then t' = tifj for some io < n. 

i<.n 

Proof. Straightforward by induction on n. □ 

A crucial step in proving the ground-completeness is to verify the complete¬ 
ness of AXchh w.r.t NF. Next we do this. 

Lemma 4.9. Ifti,t 2 G NF and ti C t 2 then ti ^ t 2 

~RS 

Proof. We prove the statement by induction on |ti|. Since U tl ^ 2 , both ti 
and t 2 are stable. Further, since ti,t 2 S NF, we get, for i = 1,2 

ti = 0 or ti = F 01 ti = □ Oij.tij G NFr with > 0 . gsii) 

3<m 

Therefore, the argument splits into three cases below. 

Case 1. <1 = T. 

Then, by Dll, Dll, DI5 and TRANS, we have h ti ^ t 2 . 

Case 2. ti = 0. 

Clearly, ti ^ F and I(ti) = 0. Further we get t 2 ^ F and F{ti) = 1 (^ 2 ) by 

tl IZ t 2 . Thus, by (14.91 11. we have t 2 = 0. Then F U ^ ^2 follows from REF. 
~RS 

Case 3. <1 = □ at.tu with n > 0. 

i<.n 

Since <1 G NFr Q T(Eb), by Lemma ESI we have ti ^ F. Hence, by 
He t 2 , we get t 2 ^ F and I{t 2 ) = I{ti) = {ai\i < n} 7 ^ 0. Further, it follows 

from (14.91 11 and the condition (D) in Def. 14.11 that there exist t 2 i G NFr and 
a' G Act{i < n) such that 

t 2 = □ a[.t 2 i G NFr and {ai\i < n} = {a[\i < n}. 

i<.n 

By CONTEXT, it is easy to know that, in order to complete the proof, it is 
sufficient to show that 


Vz < n 3 i' < n(l- at.tu ^ a'/.t2i')- 

Let io < n. We have Oig = a'/ for some Zq < n. Since F NFr, by 

Def. 14.11 there exist m,m' > 0, Sj{j < m) and < m') such that 
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1. tlia = V Sj and = V 

j<m j'<m' 

2. Sj and s', are stable for each j < m and j' < m', 

3. Sj, s', G NFb for each j <m and f < m'. 

In the following, we want to show that h Sj ^ t 2 i'g for each j < m. Let jo < m. 
Since NFb C T(I]b), by Lemma [3.31 and Id.Sf l'). it immediately follows that 

tiio =^F Isjo- Thus, ti tii^ =^F Isjo- Then, it follows from ti \Z t 2 that 

~RS 

t 2 1^2 ^ ^2 some t' 2 . 6112) 

~RS 

^ in ^ 

Further, since ^2 is injective in prefixes and t 2 is stable, we get t 2 ^f =^f 
1^2- Then, by Lemma 011)2), we obtain 

t '2 = s', for some jg < m'. (14.91 31 

Since |ti| > |sjo|, by (14.91 21. (14.91 31 and IH, we get h Sj^ ^ s',. Further, by 
Dll, D/2, D/5 and TRANS, we have h s^g < t 2 i^, as desired. 

So far, we have obtained 

h Sj ^ t 2 i'^ for each j < m. 

Then, by D/1, D/2, D/3, CONTEXT and TRANS, we get h \/ Sj ^ that 

j<m 

is, h tiig ^ t 2 i>^. So, by CONTEXT, it follows that h aig.tu^ < □ 

We are now ready to prove the main result of this section. 

Theorem 4.10 (Ground-Completeness). For any ti ,<2 G T(Scll), D Qrs h 
implies h ti ^ 0- 

Proof. Assume that ti Qrs h- By Theorem 14.61 h ti = t* and h O = ^2 
some ^ 1,^2 S A^D. It suffices to prove that Ft* ^ By Theorem l3.201 we have 
h =RS tl and O =rs t* 2 - So t* C/js 

If tj) = T then it follows from D/1, D/4, D/5 and TRANS that F tj' ^ t^- 
Next, we consider the case t\ ^ T. Then, t\ G NFb- We may assume t); = V 

i<n 

with n > 0 and for each i < n, tu = □ Oij.rij G NFb with rui > 0. In order 

j<mi 

to complete the proof, it is sufficient to show that 

F tii ^ ^2 for each i < n. 

Let ig < n. Since NFb C TISrI. bvLemma l3.3l and f4.8l ll. we have t* =4 >_f |tiig. 

Then, it follows from tl that t^^F 1^2 C t '2 for some t' 2 . So, 

~RS 

^2 ^ F, that is, t 2 ^ T. Thus, t^ G NFb and we may assume that = V ^21 

i<k 

with / > 0 and for each i <k,t 2 i= □ hj.Sij G NFb for some to' > 0. Thus, 

j<m'. 

t 2 i is stable for each i < k. Then, by Lemma [4.81 21. it follows from =^f 1^2 
that t '2 = t 2 i' for some ig < k. Further, by Lemma 14.91 F tu^ ^ t 2 i' follows 
from flip C t '2 = t 2 i'. Finally, by D/1, D/2, DI5 and TRANS, we obtain 

F trig ^ ^ 2 ; desired. □ 
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5 Conclusions and Discussion 


This paper has provided a ground-complete proof system for weak ready sim¬ 
ulation presented by Liittgen and Vogler for the finite fragment of the calculus 
CLL/{. In addition to standard axioms, since enriching process languages with 
logical operators conjunction and disjunction, such proof system contains a num¬ 
ber of axioms to capture the interaction between usual process operators and 
logical operators. 

Compared with usual notions of behaviour preorders [S], a specific point 
of Liittgen and Vogler’s ready simulation is that it involves consideration of 
inconsistencies. The predicate F plays a central role in this notion. Due to such 
particular characteristic, side-conditions are attached to some axioms in AXcll 
(including DSA, ECC3 and EXP2) so that processes can be treated differently 
according to their consistency. The guideline in designing of AXcll is that we 
need to find enough axioms to reduce (in) consistent processes to basic processes 
(T, resp.). Such trick seems to be also useful in considering proof system for 
more general cases involving recursions. However, it is far from trivial to carry 
out this trick in the presence of recursions. In the following, we would like to 
discuss this sketchily. 

In the framework of LLTS, since divergence is viewed as catastrophic, any 
process, which cannot evolve into a stable state in finitely many steps, is specified 
to be inconsistent. This intuition is captured formally by the condition (LTS2) 
in Def. 12.11 Obviously, it is recursion that may bring divergence. Thus we 
must put attention to such additional origin of inconsistency in the presence of 
recursions. 

In order to carry out the trick mentioned above, we need to isolate a partic¬ 
ular subclass of terms syntactically, which plays a role analogous to that played 
by T{Tib) (see Def. 13.11) in this paper. In our mind, a rational choice for such 
subclass is ET{Yib) mentioned in Remark 13.21 which extends TCEb) by admit¬ 
ting strongly guarded processes {X\E) (without involving conjunction and T) 
into BNF grammar oi T(Eb), and satisfies ET(Eb) D F = 0 (its proof is given 
in the Appendix). 

To confirm that the choice above is right, we must ensure that ET{Yjb) is 
sufficiently expressive to “represent” all consistent processes. That is, we need 
to provide a group of axioms so that, for any process t, if t is (in)consistent 
then it can be reduced to one in ET(Eb) (T resp.) by applying these ax¬ 
ioms. At present, it seems to be difficult to find these axioms. For instance, 
since there exist weakly guarded recursions that is consistent (e.g., {X\X = 
(ADa.O) V &.0)), we need enough axioms to transfer them into ET{Yjb)- In par¬ 
ticular, a few axioms are needed to transfer (consistent) weakly guarded recur¬ 
sions into strongly guarded ones (notice that all recursive processes in ET{'Eb) 
are strongly guarded). In [H], Milner has solved analogous problem for obser¬ 
vational congruence in the calculus CCS through referring the following axioms 
0 . 

{X\X = xut) = {X\X = t) (Ml) 

{X\X = T.XUt) = {X\X = T.t) (M2) 

^In |19| . Milner uses the operator + and the notation fiXt instead of external choice □ and 
{X\X = t) resp. Moreover Baeten and Bravetti point out that Axioms (M2) and (M3) can be 
equivalently expressed by a single axiom . 
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{X\X = T.{XUt)Us) = {X\X = T.XUtUs) (M3) 

Unfortunately, none of these axioms works well in our situation. First, since un¬ 
guarded recursions are incompatible with negative rules [4], the calculus CLL^ 
restricts itself to guarded ones [35]. Hence Axiom (Ml) is outside our terms of 
reference. Second, Axiom (M2) is not valid w.r.t =rs- For instance, consider 
t = a.X, then we get {X\X = r.XUa.X) G F and {X\X = r.a.X) ^ F. Fi¬ 
nally, due to T-purity, both {X\X = T.(An<)ns) and {X\X = r.ADtDs) are 
inconsistent for any t, s. Therefore, Axiom (M3) may be useful for transferring 
inconsistent processes into _L because the scope of the prefix r.() in left-hand 
side of (M3) is larger than one in right-hand side, but it no longer has any effect 
on transferring consistent weakly guarded (X\E) into strongly guarded one. 

Summarily, we need to find appropriate axioms from scratch to cope with 
inconsistency caused by recursions. 
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A Appendix 

We mentioned in Section 5 that ET{Tib) O F = 0. This Appendix is devoted to 
proving this claim. We first define ET{T,b) formally. 

Definition A.l (Extended Basic Term). The extended basic terms are defined 
by BNF: t ::= 0 j [a.t) \ tUt \ t W t \ t \\a t \ X \ {X\X = t), where a G AcE, 
X G Var, a C Act and in {X\X = t), X is strongly guarded in t. We denote 
ET{'Eb) as the set of all extended basic terms. 

As usual, we use to denote a term t whose free variables form a subset 
of {Ai,..., Xn} where X = (Ai,..., A„) is a n-tuple distinct variables, is 
stable if t^{T.0/A} 

Lemma A.2. is stable then tj^{p/X} ^ for any p. 

Proof. Assume t^{p/X} A r for some r. It suffices to prove <^{t. 0/A} A. It 
proceeds by induction on the depth of the inference of ^^^^(CLLfl;, MclLh) 
tj^{p/X} A r. The induction is easy to carry out by distinguishing several 
cases based on the last rule applied in the inference. We leave the proof to the 
reader. □ 
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Lemma A. 3. If is a term in ET{Yib) such that X is strongly guarded in 
X & X, then there exists t'~ G ET{Eb) such that, for any q, 
t^{q/X} ^ \t'~{q/X}. 

Proof. If ijf is stable then the conclusion holds trivially by Lemma IA.2I In 
the following, we devote ourselves to considering non-trivial case where t^ is 
not stable. It proceeds by induction on the structure oi t^. Here we consider 
only non-trivial case t^ = {Y\Y = t). In this situation, Y ^ X and t is in 
ET{Yb) whose free variables are in {H} U A. Moreover, for each Z G {Y}UX, 
Z is strongly guarded in t. Hence, by IH, there exists t' G ET(Yb) such that 
t{p/X,q/Y} \t'{p/X,q/Y} for any p,q. In particular, we get 

t{p/X, {Y\Y = t){p/X}/Y) \t'{p/X, {Y\Y = t){p/X}/Y} for any p. 

Further, by Rule i?ai6, h follows from t{p/A, (F|y = t){plX}/Y} = t{(Y\Y = 
t)/Y}{p/X} that 

{Y\Y = t){p/X} ^ \t'{{Y\Y = t)/Y}{p/X} for anyp. 

Set t'~ = t'{{Y\Y = t)/Y}. Then it is easy to see that t"~ G ET{T,b) due to 
t', (H|y = t) G ET{Y,b). Hence t'~ is the one that we desire. □ 

As an immediate consequence of the lemma above, we have 

Corollary A. 4. For any process (i.e., terms with no free variables) p G ET{Yb), 
there exists q G ET{Y,b) such that p ^ \q. 

Proposition A.5. ET{T,b) 0 E = $. 

Proof. Since P is a set of processes, it suffices to show that each process in 
ET{Yb) is consistent. Let H be the set of all processes in ET{T,b). Due to the 
well-foundedness of proof trees, in order to complete the proof, it is sufficient 
to show that, for any p G H, if T is a proof tree of Strip{CLLB, MclLr) b pF 
then T has a proper subtree with root rF for some r G H. We shall prove this 
as follows. 

Let p G H and T be a proof tree of pF. It is a routine case analysis based 
on the last rule applied in F. We distinguish different cases based on the form 
of p. Clearly, p ^ 0 due to 0 ^ F. For p = a.pi or pi 0p2 with © G {V, □, ||^}, 
it is obvious that pi,P 2 G ET{Y,b). Moreover, by SOS rules of CLLij, it is easy 
to see that T has a proper subtree with root piF for some i G {1,2}. Next 
we handle the case p = {Y\Y = ty). Then the last rule applied in T is either 

^(F|v=ty)^_F O'' ^^0 former, it is obvious that {ty|F = 

ty) G ft due to {tylY = ty) = ty{(F|F = ty)/F} (see subsection 2.2) and 
ty, (Y\Y = ty) G ET{'Eb). For the latter, by Corollary I A. 41 (Y\Y = ty) \r' 
for some r' G H, as desired. □ 
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